Chair of Mobile Business & Multilateral Security

Privacy Preserving Machine Learning


Basic Information
Type of Lecture: Lecture
Course: Master
Hours/Week: 2
Credit Points: 6
Language: German
Term: Summer 2021



Content of the Course


UPDATE: Due to the current COVID-19 situation, we have decided to have the seminar kick-off and the presentations online. Presentations will only take place on June 11th.

Although the applications of machine learning seem to be endless, many countries restrict and regulate the handling and use of personal data through data protection regulations such as the EU GDPR. Many companies still struggle with implementing and maintaining GDPR-compliant data handling. In conservative markets in particular, the use of complex models, or even the storage of the related data, is avoided altogether. The biggest challenge at present is to meet the requirements of the data protection regulations while opening up new markets at the same time. As a result, a variety of new technologies that enable privacy preserving machine learning have emerged in recent years. These techniques aim to protect machine learning models and their training data from a variety of attacks that try to reveal the training data, individual training records or features, or the model itself.

The objective of this seminar is an extensive analysis of the state of the art in privacy preserving machine learning: which privacy threats exist and how the corresponding counter-measures are implemented.

          • Fredrikson, M., Jha, S., & Ristenpart, T. (2015, October). Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 1322-1333).
          • Shokri, R., Stronati, M., Song, C., & Shmatikov, V. (2017, May). Membership inference attacks against machine learning models. In 2017 IEEE Symposium on Security and Privacy (SP) (pp. 3-18). IEEE.
          • Su, J., Vargas, D. V., & Sakurai, K. (2019). One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation, 23(5), 828-841.
          • Al-Rubaie, M., & Chang, J. M. (2019). Privacy-preserving machine learning: Threats and solutions. IEEE Security & Privacy, 17(2), 49-58.
29.04.21, 09:00 - 17:30: Kick-Off Meeting (online) - Introduction
11.06.21, 09:00 - 14:00: Presentations (online) - Agenda
The event is planned as a face-to-face event at the university. If more than 10 participants register and we cannot comply with the hygiene regulations for the planned rooms, we will hold the dates online. We will publish all information about the Seminar including changes of time and room on our website.

This module is limited to 20 participants.

A two-stage registration procedure with different deadlines applies. You have to take part in both stages!

Stage 1: Application Deadline: 22 March 2021 – 6 April 2021

Module Application via QIS: My Functions > Lectures occupy/sign off (Instruction Module Application)

Stage 2: Exam Registration and Withdrawal Deadline: 8 April 2021 – 21 April 2021

Exam Registration and Withdrawal via QIS: My Functions > Administration of exams (Instruction Exam Registration)

An acceptance in the application procedure entitles students to register for the allocated module, but it does not replace an exam registration. Without an exam registration in stage 2, the module place allocated in stage 1 expires!

Assignment of Available Capacities: 22 April 2021 by e-mail. Detailed information will be published on this website in due time.

For exchange students, module application as well as exam registration and withdrawal is not possible via QIS. Exchange students register or withdraw with a form within the exam registration and withdrawal deadline (not application deadline!). Forms and information are available at the Website of the Faculty's International Office.




In order to successfully pass this module, you need to write a paper (60%) and make a presentation (40%). Each partial requirement needs to be passed with a grade of 4.0 or better.

Topics are in the area of:

          1. Privacy preserving machine learning in the smartphone ecosystem
          2. Privacy preserving machine learning in the car industry
          3. Economic incentives for privacy preserving machine learning
          4. Privacy preserving federated learning
          5. Privacy preserving differential privacy

Specific topics will be provided during the kick-off session. The methodologies will be presented and discussed in the group before the allocation of the topics.

Students are still required to work through the methodology of their topic carefully.

Alternative forms of examinations and other exceptions are only approved for the SoSe 2020 and WiSe 2020/21 so far. Therefore, we can initially only plan with the applicable regulations of our examination regulations. As soon as the University decides on different exceptions for the SoSe 2021 (probably in March/April 2021), the Examination Office will publish prepared information.

Due to the current situation, please keep up to date. Please find the latest information of the Examination Office on its website and via the Examination Office News. We recommend subscribing to the Examination Office News (